Redefining Security for the Modern Data Center in a Multicloud World

Global security challenges are ever-growing, especially with the rise of sophisticated threats. A growing concern for many of our customers is security for today’s complex data centers. How do you keep data safe while you’re running applications in both on-prem data centers and in public, private, and hybrid clouds?

The solution is simple: security for the data center must evolve to deliver greater insight. To protect their data and reduce the scope of an attack, customers are choosing multi-layered segmentation, which limits the ability of threats to spread through the data center from one resource to another, while delivering threat protection to quickly see and stop the breach before hackers can steal data or disrupt operations. The result is increased agility and intelligence together with robust protection as workloads move across physical data centers and multi-cloud environments.

But first…why is this important to enterprises?

The proliferation of devices and applications is creating many new entry points for threats while generating a flood of traffic, requiring organizations to rethink data center security. Virtualization, cloud, and software-defined networking (SDN) increase security complexity, while new technologies such as microservices, containers, and APIs increase the opportunity for data theft. Traditional perimeter methods for security are no longer sufficient to protect dynamic applications and workloads.

Cisco’s architectural security solution to secure the modern data center is comprehensive, and we are the only vendor that can truly protect the workload everywhere.

Our integrated security solution provides these unique capabilities:

Enhanced visibility – Identify network and application anomalies in minutes by using endpoint and network analytics, dynamically baselining process behavior, and detecting and flagging deviations. This helps organizations identify who users are, where they are connecting from, and what hosts and application resources they are accessing.

With Cisco Stealthwatch, Cisco makes it easier for organizations to quickly discover breaches with hundreds of threat classifiers and global machine learning that analyze user and device communications for malicious network activity such as encrypted threats.

Using Cisco Tetration, customers can identify a broad set of Common Vulnerabilities and Exposures (CVEs), including high-impact server vulnerabilities. Customers can also detect suspicious process behavior deviations such as shellcode, privilege escalation, and side-channel attacks such as Spectre and Meltdown.

Efficient application segmentation – Reduce the attack surface by up to 85 percent by eliminating identified vulnerabilities. Cisco keeps bad actors in one place by preventing them from moving laterally across servers or east-west traffic flows with micro-segmentation and application whitelisting.

Segmentation is enforced at multiple areas in the data center: at the perimeter but also deep into the application tiers. Workloads, no matter where they go, can have security attached to them in the form of multi-layered segmentation. This allows for dynamic control of workloads across multiple areas in the data center – across the perimeter, on the fabric, and on the server and application process.

Segmentation enables consistent and granular policy enforcement on our Next Generation Firewalls (NGFW), on the Nexus 9000 Series Switches on the ACI Fabric, and down to the servers, including HyperFlex and Unified Computing System (UCS), and the application process with Tetration.

We can now enforce policy on the workload wherever it moves in the data center and also in a multi-cloud environment. As the workloads move, our integrated segmentation solution works dynamically to adjust and map the right security to those workloads. This allows you to consolidate silos of policy and automate the enforcement of policy.

Quickly detect, block, and respond to breaches – Cisco Talos is the industry’s leading threat intelligence team, blocking 19.6 billion threats per day and 2.5 million threats per second.

Powered by Talos, multi-layered threat sensors from Stealthwatch, Next Generation Firewall (NGFW), Firepower Next Generation IPS (NGIPS), and Advanced Malware Protection (AMP) work together to detect the latest and most advanced forms of malware.

Our integrated security architecture works intelligently with Tetration and ACI to deliver comprehensive threat protection to find and block more threats and quickly contain and mitigate those that do breach a data center.

Here is what a few of our largest partners are saying about Cisco’s data center security solution:

“Cisco is the leader in the Data Center and Security. We are excited to drive Cisco’s new Data Center Security solutions to protect our customers’ workloads.”

Sam Cho, CEO & President, Metanet Global LLC

“Cisco and Dimension Data are collaborating together to secure our customers’ workloads in on-prem data center and multicloud environments. We are excited to partner with Cisco to grow our business.”

Matt Gyde, Group Executive, Security, Dimension Data

“Cisco is unmatched in its ability to provide security consistently, throughout the fabric of the network. The Cisco Secure Data Center solution brings the best of Cisco’s security capabilities together in a comprehensive solution to secure access to, and activity within, the modern data center.”
